As a general rule, if you are using SSL on a website you need an IP address per SSL cert/SSL site. It is not a limitation of the certificate per se, but is a limitation/feature of SSL.

The more serious problem is usually that home routers can only route ports to one IP or one DMZ host, so in order to implement your solution you would need a more upmarket router, or a carefully set up proxy in front of the web server, which brings in a whole new set of problems, not least of which is that the proxy needs SSL as well.

Setting up multiple IPs on a single NIC is not difficult, but differs slightly from distro to distro, so your op sys would be useful to know.

I have a dedicated server that I manage in a data center, so they have all that set up there. My server is unmanaged, so I use SSH to maintain it, and it is up and running fine.

The OS is Debian 4.0 Etch, based on the install that I d/l from here, with a few tweaks and such.

When I leased the server, for some reason I asked for 2 IP addresses, I don't know why I did that at the time, but anyway, I have the second IP that is not in use, so when the question came up to me about getting an SSL for a client, I looked into it, and found out that it was an IP based SSL, so then I remembered that I had that other IP address, and I was looking at how to implement it onto my existing server.

I hope that clarifies that a little more, being that it is not a home based server, it is in a data center at a remote location.

That certainly makes it a bit easier for you. On Debian/Ubuntu installs, you simply edit /etc/network/interfaces and add aliases, or use ifconfig to add them. The aliases are the network interface with a :0 or :1 etc added - eth0:0, eth1:1 and so on. If you add one and examine /etc/network/interfaces, you should see the changes.

You will of course need to assign each website to an IP, change the listen address configuration for Apache, and set up the SSL on each one. DNS will have to point to the correct IP for each website as well.
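As an added example (not part of the original posts): a small Python check for the layout described in the reply above, run against a constructed Apache config. The addresses, hostnames and certificate paths are placeholders, and the rule it enforces is the thread's one-IP-per-SSL-site rule.

```python
import re
from collections import defaultdict

# Constructed sample: two IP-based SSL sites plus a third that wrongly reuses
# the first site's address. IPs, hostnames and cert paths are placeholders.
SAMPLE_CONF = """
Listen 192.0.2.10:443
Listen 192.0.2.11:443
<VirtualHost 192.0.2.10:443>
    ServerName www.site-a.example
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/site-a.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName www.site-b.example
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/site-b.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName www.site-c.example
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/site-c.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", re.S | re.I)

def check_ssl_vhosts(conf):
    """Return a list of problems with the IP-based SSL vhosts found in conf."""
    listens = set(re.findall(r"^\s*Listen\s+(\S+)", conf, re.M | re.I))
    by_addr = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        if not re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I):
            continue  # plain HTTP vhosts may share an address
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        by_addr[addr].append(name.group(1) if name else "(no ServerName)")
    problems = []
    for addr, names in sorted(by_addr.items()):
        port = addr.rsplit(":", 1)[-1]
        if addr.startswith(("*", "_default_")):
            problems.append(f"{addr}: SSL vhost is not bound to a specific IP")
        elif addr not in listens and port not in listens:
            problems.append(f"{addr}: no matching Listen directive")
        if len(names) > 1:
            problems.append(f"{addr}: shared by SSL sites {', '.join(names)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_ssl_vhosts(SAMPLE_CONF)) or "OK")
```

Running the same function over the server's real vhost files before a reload catches a new client site that was copied from an existing one without changing its address.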

Thanks! But I do have 1 more question, will Apache listen on 2 IPs? I haven't looked at the conf file for a while, so I can't think off the top of my head, and to save my hair and a headache, I thought I would ask here.

I use zoneedit to manage my DNS, so I can point any URL to any IP pretty easy, even sub domains to different IPs. (not that you prolly don't already know that).

Will it be difficult to handle the SSL within the same Apache server, even if like in my example I use 10 different IP addresses?

This should already be enabled since I already have a self signed 256-bit SSL cert?
The issue I am running into is that it is not a trusted SSL, and my clients need/want that.

Now, if I can only figure out IPTables, and such, I would be all set, that way I can set up my FTP on a single IP, and only allow 2 ports (FTP and SFTP), and then the HTTP would be on their IPs, and the mail on its... I dunno... too much work, not enough time.

If the SSL cert does not have a root cert distributed with the browsers, then it's not worth paying money for it. You may as well sign up at cacert.org and issue your own. Are you sure that it does not simply require a chain certificate installed on the browser as well? E.g. you have a cert for www.mydomain.com issued by cheapncheerfulssl.com. What you are missing is the chain cert linking cheapncheerfulssl.com back to the biggie who has a cert distributed with the browsers. Usually it's a download linked somewhere on the issuer's website.

On the iptables, FTP side, I'm pretty sure there are HowTos floating round here on the site.